Secrets, Security Insights and APIs!

ShiftLeft Inspect can now detect “hardcoded secrets” (across all languages) and provide “security insights” into your JavaScript code. ShiftLeft Inspect has also released a new version of its API (v4) that supports the notions of scans and apps, and can export security insights and detected secrets for individual apps.

Ability to detect hardcoded secrets

Starting today, ShiftLeft Inspect can detect hardcoded secrets across all languages it supports. As part of the analysis:

  1. ShiftLeft can detect secrets in different categories such as URL, Infrastructure, API Keys, Username/Passwords, and PII data.
  2. These results can be configured to appear obfuscated and can be filtered by specifying an appropriate entropy condition.

Best of all, the user does not have to provide any new options to invoke this analysis. Detected secrets will just be available out of the box as one more set of findings for any new analysis.

Security Insights

Security Insights are a collection of findings that indicate if a particular code snippet can lead to vulnerabilities today or in the future. These insights help a developer avoid such code issues at an early stage and can help prevent the onset of vulnerabilities.

Currently, this feature is available only for JavaScript and will soon be extended to all other languages supported by ShiftLeft Inspect.

API Version 4

This release also substantially upgrades the APIs used to access ShiftLeft Inspect analysis results. Users can now use the APIs to:

  1. Check the results of individual scans.
  2. Iterate over individual apps, and individual scans per app, to fetch precisely the information they are looking for.
  3. Fetch results for the new classes of findings, such as Secrets and Insights, in addition to the existing class of findings (vulnerabilities), in any combination they desire.

Coming soon: a Swagger-compliant format of all of our APIs.

Prologue

All of the above features are now available to all ShiftLeft customers and are part of the current pipeline.


Secrets, Security Insights and APIs! was originally published in ShiftLeft Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.


*** This is a Security Bloggers Network syndicated blog from ShiftLeft Blog - Medium authored by Alok Shukla. Read the original post at: https://blog.shiftleft.io/javascript-secrets-security-insights-and-apis-9ebf9bb87a37?source=rss----86a4f941c7da---4